How to Lock BitLocker Drives Again

BitLocker drives are normally only locked again after a restart. However, it is possible to lock additional (non-system) drives again while Windows is running.

You can either use PowerShell directly or – more conveniently – simply use a shortcut.

For example, to lock drive E with BitLocker again, we right-click on the desktop and create a new shortcut. We enter the following as the target of the shortcut:

powershell.exe -Command "Lock-BitLocker -MountPoint 'E:'"

Then right-click to open the properties of the shortcut.

In the “Shortcut” tab, click on the “Advanced” button to select that the program should be executed as an administrator. This is necessary to lock the drive again.

Now the E drive can be locked again directly with a simple click on the shortcut.
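
As an added example (not part of the original post), the one-liner can be replaced by a small script that checks for elevation, refuses the operating system volume, and confirms afterwards that the drive really reports as locked. The file name Lock-DataDrive.ps1 and the parameter names are assumptions chosen for illustration; the cmdlets are the standard BitLocker module ones.

```powershell
# Lock-DataDrive.ps1 (hypothetical file name) - added example, not from the original post.
param(
    [string]$MountPoint = 'E:',   # drive letter used in the article
    [switch]$Force                # lock even if the drive is still in use
)

$ErrorActionPreference = 'Stop'   # make Write-Error below terminate the script

# Lock-BitLocker needs an elevated session; fail with a clear message otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this script as administrator.'
}

$volume = Get-BitLockerVolume -MountPoint $MountPoint

# The running operating system volume cannot be locked.
if ($volume.VolumeType -eq 'OperatingSystem') {
    Write-Error "$MountPoint is the operating system volume."
}
# Check the lock state first: a locked volume reports ProtectionStatus 'Unknown'.
if ($volume.LockStatus -eq 'Locked') {
    Write-Output "$MountPoint is already locked."
    return
}
if ($volume.ProtectionStatus -ne 'On') {
    Write-Error "BitLocker protection is not on for $MountPoint."
}
if ($volume.AutoUnlockEnabled) {
    Write-Warning "$MountPoint has auto-unlock enabled and may be unlocked again automatically."
}

# Without -ForceDismount the lock can fail while the volume is in use.
if ($Force) {
    Lock-BitLocker -MountPoint $MountPoint -ForceDismount | Out-Null
} else {
    Lock-BitLocker -MountPoint $MountPoint | Out-Null
}

# Confirm the result instead of assuming the cmdlet succeeded.
$after = Get-BitLockerVolume -MountPoint $MountPoint
if ($after.LockStatus -ne 'Locked') {
    Write-Error "$MountPoint still reports LockStatus $($after.LockStatus)."
}
Write-Output "$MountPoint is locked."
```

The shortcut target then calls powershell.exe with -File and the path to the script instead of -Command, still with "Run as administrator" set.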

But be careful

Even if the BitLocker drive has been locked again, it may still be possible to read the key from the working memory. This risk is only reduced by a proper, cold restart.

Irrespective of this, in addition to BitLocker, I always recommend the encryption of inactive – rarely used – data (data at rest) with additional encryption (e.g. with a container).